NIS 2 (Network and Information Security 2) is a key piece of European Union legislation aimed at strengthening cybersecurity throughout the Union. It is a continuation of the previous NIS Directive (2016/1148), which defined cybersecurity resilience standards for critical services and infrastructure.
Changes and extensions to NIS 2
NIS 2 introduces a number of significant changes and extensions aimed at responding to growing digital threats and the increasing dependence of critical infrastructure on IT systems. The Directive extends its scope to cover new sectors of the economy and eliminates the previous distinction between operators of essential services and digital service providers.
The main objectives of the Directive
The main objectives of NIS 2 are:
- Enhancing the cyber resilience of all relevant public and private actors in the EU.
- Reducing inconsistencies in the internal market by harmonising cybersecurity rules.
- Ensuring an effective enforcement framework across the European Union.
Means and requirements
The new NIS 2 rules introduce stricter supervisory and enforcement measures, including harmonised sanctions. The Directive requires key public and private entities operating in sectors such as energy, transport, banking, health and digital infrastructure to implement advanced cybersecurity solutions.
BSP Engagement
Business & Science Poland (BSP) actively participated in the consultations and negotiations on NIS 2. The organization prepared a detailed position and participated in meetings with EU institutions and other stakeholders to discuss the implementation of the amendments to the Directive. BSP supports the strengthening of the European cybersecurity system and stresses the need for effective risk-based governance and cooperation between Member States.
Summary
The NIS 2 Directive represents an important step towards increasing cyber resilience in the EU in the face of growing digital threats. With more stringent cybersecurity requirements and an effective enforcement framework, the European Union intends to strengthen its ability to respond quickly to incidents and protect key sectors of the economy from cyber attacks.